Vh0 JdZdZdZddlmZddlmZddlmZddlmZddlm Z dd l m Z dd l m Z dd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z!gdZ"gdZ#dede$de$de e%d e e$f d!Z&d"ed#e$d ee$effd$Z'd"ed%ee$efd&e$d ee$effd'Z(d"ed%ee$efd ee$effd(Z)dee$efd ee$effd)Z*d*ee$efdee$efd+e%d,e%d ee$eff d-Z+d*ee$efdee$efd ee$effd.Z,d"edee$efd d/fd0Z-d"edee$efd1e$d e%fd2Z.d"edee$efde%d e%fd3Z/d"ed1e$d e%fd4Z0d"edee$efde$d e%fd5Z1d"edee$efd e%fd6Z2d"edee$efde$d e%fd7Z3d8Z4e5d9k(re4y/y/):aR --- module: rds_instance version_added: 5.0.0 short_description: Manage RDS instances description: - Create, modify, and delete RDS instances. - This module was originally added to C(community.aws) in release 1.0.0. extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.tags - amazon.aws.boto3 author: - Sloane Hertel (@s-hertel) options: # General module options state: description: - Desired state of the RDS Instance. - O(state=rebooted) is not idempotent and will leave the DB instance in a running state and start it prior to rebooting if it was stopped. V(present) will leave the DB instance in the current running/stopped state, (running if creating the DB instance). - O(state=running) and I(state=started) are synonyms, as are O(state=rebooted) and O(state=restarted). choices: ['present', 'absent', 'terminated', 'running', 'started', 'stopped', 'rebooted', 'restarted'] default: 'present' type: str creation_source: description: Which source to use if restoring from a template (an existing instance, S3 bucket, or snapshot). choices: ['snapshot', 's3', 'instance'] type: str force_update_password: description: - Set to V(true) to update your instance password with O(master_user_password). Since comparing passwords to determine if it needs to be updated is not possible this is set to V(false) by default to allow idempotence. type: bool default: false purge_cloudwatch_logs_exports: description: - Set to V(false) to retain any enabled cloudwatch logs that aren't specified in the task and are associated with the instance. - Set O(enable_cloudwatch_logs_exports) to an empty list to disable all. type: bool default: true read_replica: description: - Set to V(false) to promote a read replica instance or V(true) to create one. When creating a read replica O(creation_source) should be set to 'instance' or not provided. O(source_db_instance_identifier) must be provided with this option. type: bool wait: description: - Whether to wait for the instance to be available, stopped, or deleted. At a later time a I(wait_timeout) option may be added. Following each API call to create/modify/delete the instance a waiter is used with a 60 second delay 30 times until the instance reaches the expected state (available/stopped/deleted). The total task time may also be influenced by AWSRetry which helps stabilize if the instance is in an invalid state to operate on to begin with (such as if you try to stop it when it is in the process of rebooting). If setting this to V(false) task retries and delays may make your playbook execution better handle timeouts for major modifications. type: bool default: true # Options that have a corresponding boto3 parameter allocated_storage: description: - The amount of storage (in gibibytes) to allocate for the DB instance. type: int allow_major_version_upgrade: description: - Whether to allow major version upgrades. type: bool apply_immediately: description: - A value that specifies whether modifying an instance with O(new_db_instance_identifier) and I(master_user_password) should be applied as soon as possible, regardless of the O(preferred_maintenance_window) setting. If V(false), changes are applied during the next maintenance window. type: bool default: false auto_minor_version_upgrade: description: - Whether minor version upgrades are applied automatically to the DB instance during the maintenance window. type: bool availability_zone: description: - A list of EC2 Availability Zones that the DB instance can be created in. May be used when creating an instance or when restoring from S3 or a snapshot. Mutually exclusive with O(multi_az). aliases: - az - zone type: str backup_retention_period: description: - The number of days for which automated backups are retained. - When set to V(0), automated backups will be disabled. (Not applicable if the DB instance is a source to read replicas) - May be used when creating a new instance, when restoring from S3, or when modifying an instance. type: int ca_certificate_identifier: description: - The identifier of the CA certificate for the DB instance. type: str character_set_name: description: - The character set to associate with the DB instance. type: str copy_tags_to_snapshot: description: - Whether or not to copy all tags from the DB instance to snapshots of the instance. When initially creating a DB instance the RDS API defaults this to V(false) if unspecified. type: bool db_cluster_identifier: description: - The DB cluster (lowercase) identifier to add the aurora DB instance to. The identifier must contain from 1 to 63 letters, numbers, or hyphens and the first character must be a letter and may not end in a hyphen or contain consecutive hyphens. aliases: - cluster_id type: str db_instance_class: description: - The compute and memory capacity of the DB instance, for example V(db.t3.micro). aliases: - class - instance_type type: str db_instance_identifier: description: - The DB instance (lowercase) identifier. The identifier must contain from 1 to 63 letters, numbers, or hyphens and the first character must be a letter and may not end in a hyphen or contain consecutive hyphens. aliases: - instance_id - id required: true type: str db_name: description: - The name for your database. If a name is not provided Amazon RDS will not create a database. type: str db_parameter_group_name: description: - The name of the DB parameter group to associate with this DB instance. When creating the DB instance if this argument is omitted the default DBParameterGroup for the specified engine is used. type: str db_security_groups: description: - (EC2-Classic platform) A list of DB security groups to associate with this DB instance. type: list elements: str db_snapshot_identifier: description: - The identifier or ARN of the DB snapshot to restore from when using O(creation_source=snapshot). type: str aliases: - snapshot_identifier - snapshot_id db_subnet_group_name: description: - The DB subnet group name to use for the DB instance. aliases: - subnet_group type: str deletion_protection: description: - A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. type: bool version_added: 3.3.0 version_added_collection: community.aws domain: description: - The Active Directory Domain to restore the instance in. type: str domain_iam_role_name: description: - The name of the IAM role to be used when making API calls to the Directory Service. type: str enable_cloudwatch_logs_exports: description: - A list of log types that need to be enabled for exporting to CloudWatch Logs. aliases: - cloudwatch_log_exports type: list elements: str enable_iam_database_authentication: description: - Enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. If this option is omitted when creating the instance, Amazon RDS sets this to V(false). type: bool enable_performance_insights: description: - Whether to enable Performance Insights for the DB instance. type: bool engine: description: - The name of the database engine to be used for this DB instance. This is required to create an instance. choices: ['aurora', 'aurora-mysql', 'aurora-postgresql', 'mariadb', 'mysql', 'oracle-ee', 'oracle-ee-cdb', 'oracle-se2', 'oracle-se2-cdb', 'postgres', 'sqlserver-ee', 'sqlserver-se', 'sqlserver-ex', 'sqlserver-web'] type: str engine_version: description: - The version number of the database engine to use. For Aurora MySQL that could be V(5.6.10a) , V(5.7.12). Aurora PostgreSQL example, V(9.6.3) type: str final_db_snapshot_identifier: description: - The DB instance snapshot identifier of the new DB instance snapshot created when O(skip_final_snapshot) is V(false). aliases: - final_snapshot_identifier type: str force_failover: description: - Set to V(true) to conduct the reboot through a MultiAZ failover. type: bool iam_roles: description: - List of Amazon Web Services Identity and Access Management (IAM) roles to associate with DB instance. type: list elements: dict suboptions: feature_name: description: - The name of the feature associated with the IAM role. type: str required: true role_arn: description: - The ARN of the IAM role to associate with the DB instance. type: str required: true version_added: 3.3.0 version_added_collection: community.aws iops: description: - The Provisioned IOPS (I/O operations per second) value. Is only set when using O(storage_type) is set to io1. type: int kms_key_id: description: - The ARN of the AWS KMS key identifier for an encrypted DB instance. If you are creating a DB instance with the same AWS account that owns the KMS encryption key used to encrypt the new DB instance, then you can use the KMS key alias instead of the ARN for the KM encryption key. - If O(storage_encrypted) is V(true) and and this option is not provided, the default encryption key is used. type: str license_model: description: - The license model for the DB instance. - Several options are license-included, bring-your-own-license, and general-public-license. - This option can also be omitted to default to an accepted value. type: str master_user_password: description: - An 8-41 character password for the master database user. The password can contain any printable ASCII character except V(/), V("), or V(@). To modify the password use I(force_update_password). Use O(apply_immediately) to change the password immediately, otherwise it is updated during the next maintenance window. aliases: - password type: str master_username: description: - The name of the master user for the DB instance. Must be 1-16 letters or numbers and begin with a letter. aliases: - username type: str max_allocated_storage: description: - The upper limit to which Amazon RDS can automatically scale the storage of the DB instance. type: int monitoring_interval: description: - The interval, in seconds, when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting metrics, specify V(0). Amazon RDS defaults this to 0 if omitted when initially creating a DB instance. type: int monitoring_role_arn: description: - The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. type: str multi_az: description: - Specifies if the DB instance is a Multi-AZ deployment. Mutually exclusive with O(availability_zone). type: bool multi_tenant: description: - Specifies whether to use the multi-tenant configuration or the single-tenant configuration (default). - This parameter only applies to RDS for Oracle container database (CDB) engines. - The DB engine that you specify in the request must support the multi-tenant configuration. - If the multi-tenant configuration is enabled during creation of the DB instance, it cannot be modified later. type: bool version_added: 9.0.0 new_db_instance_identifier: description: - The new DB instance (lowercase) identifier for the DB instance when renaming a DB instance. The identifier must contain from 1 to 63 letters, numbers, or hyphens and the first character must be a letter and may not end in a hyphen or contain consecutive hyphens. Use O(apply_immediately) to rename immediately, otherwise it is updated during the next maintenance window. aliases: - new_instance_id - new_id type: str option_group_name: description: - The option group to associate with the DB instance. type: str performance_insights_kms_key_id: description: - The AWS KMS key identifier (ARN, name, or alias) for encryption of Performance Insights data. type: str performance_insights_retention_period: description: - The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731. type: int port: description: - The port number on which the instances accept connections. type: int preferred_backup_window: description: - The daily time range (in UTC) of at least 30 minutes, during which automated backups are created if automated backups are enabled using O(backup_retention_period). The option must be in the format of "hh24:mi-hh24:mi" and not conflict with O(preferred_maintenance_window). aliases: - backup_window type: str preferred_maintenance_window: description: - The weekly time range (in UTC) of at least 30 minutes, during which system maintenance can occur. The option must be in the format "ddd:hh24:mi-ddd:hh24:mi" where ddd is one of Mon, Tue, Wed, Thu, Fri, Sat, Sun. aliases: - maintenance_window type: str processor_features: description: - A dictionary of Name, Value pairs to indicate the number of CPU cores and the number of threads per core for the DB instance class of the DB instance. Names are threadsPerCore and coreCount. Set this option to an empty dictionary to use the default processor features. suboptions: threadsPerCore: description: The number of threads per core coreCount: description: The number of CPU cores type: dict promotion_tier: description: - An integer that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. type: int publicly_accessible: description: - Specifies the accessibility options for the DB instance. A value of Vtrue) specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address. A value of C(false) specifies an internal instance with a DNS name that resolves to a private IP address. type: bool purge_iam_roles: description: - Set to V(true) to remove any IAM roles that aren't specified in the task and are associated with the instance. type: bool default: false version_added: 3.3.0 version_added_collection: community.aws restore_time: description: - If using I(creation_source=instance) this indicates the UTC date and time to restore from the source instance. For example, "2009-09-07T23:45:00Z". - May alternatively set O(use_latest_restorable_time=true). - Only one of O(use_latest_restorable_time) and O(restore_time) may be provided. type: str s3_bucket_name: description: - The name of the Amazon S3 bucket that contains the data used to create the Amazon DB instance. type: str s3_ingestion_role_arn: description: - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that authorizes Amazon RDS to access the Amazon S3 bucket on your behalf. type: str s3_prefix: description: - The prefix for all of the file names that contain the data used to create the Amazon DB instance. If you do not specify a SourceS3Prefix value, then the Amazon DB instance is created by using all of the files in the Amazon S3 bucket. type: str skip_final_snapshot: description: - Whether a final DB instance snapshot is created before the DB instance is deleted. If this is V(false) O(final_db_snapshot_identifier) must be provided. type: bool default: false source_db_instance_identifier: description: - The identifier or ARN of the source DB instance from which to restore when creating a read replica or spinning up a point-in-time DB instance using O(creation_source=instance). If the source DB is not in the same region this should be an ARN. type: str source_engine: description: - The identifier for the database engine that was backed up to create the files stored in the Amazon S3 bucket. choices: - mysql type: str source_engine_version: description: - The version of the database that the backup files were created from. type: str source_region: description: - The region of the DB instance from which the replica is created. type: str storage_encrypted: description: - Whether the DB instance is encrypted. type: bool storage_type: description: - The storage type to be associated with the DB instance. O(storage_type) does not apply to Aurora DB instances. choices: - standard - gp2 - gp3 - io1 type: str storage_throughput: description: - The storage throughput when the O(storage_type) is V(gp3). - When the allocated storage is below 400 GB, the storage throughput will always be 125 mb/s. - When the allocated storage is large than or equal 400 GB, the througput starts at 500 mb/s. type: int version_added: 5.2.0 tde_credential_arn: description: - The ARN from the key store with which to associate the instance for Transparent Data Encryption. This is supported by Oracle or SQL Server DB instances and may be used in conjunction with O(storage_encrypted) though it might slightly affect the performance of your database. aliases: - transparent_data_encryption_arn type: str tde_credential_password: description: - The password for the given ARN from the key store in order to access the device. aliases: - transparent_data_encryption_password type: str timezone: description: - The time zone of the DB instance. type: str use_latest_restorable_time: description: - Whether to restore the DB instance to the latest restorable backup time. - Only one of O(use_latest_restorable_time) and O(restore_time) may be provided. type: bool aliases: - restore_from_latest vpc_security_group_ids: description: - A list of EC2 VPC security groups to associate with the DB instance. type: list elements: str purge_security_groups: description: - Set to V(false) to retain any enabled security groups that aren't specified in the task and are associated with the instance. - Can be applied to O(vpc_security_group_ids) and O(db_security_groups) type: bool default: true version_added: 1.5.0 version_added_collection: community.aws a # Note: These examples do not set authentication details, see the AWS Guide for details. - name: Create minimal aurora instance in default VPC and default subnet group amazon.aws.rds_instance: engine: aurora db_instance_identifier: ansible-test-aurora-db-instance instance_type: db.t3.small password: "{{ password }}" username: "{{ username }}" cluster_id: ansible-test-cluster # This cluster must exist - see rds_cluster to manage it - name: Create a DB instance using the default AWS KMS encryption key amazon.aws.rds_instance: id: test-encrypted-db state: present engine: mariadb storage_encrypted: true db_instance_class: db.t3.medium username: "{{ username }}" password: "{{ password }}" allocated_storage: "{{ allocated_storage }}" - name: Remove the DB instance without a final snapshot amazon.aws.rds_instance: id: "{{ instance_id }}" state: absent skip_final_snapshot: true - name: Remove the DB instance with a final snapshot amazon.aws.rds_instance: id: "{{ instance_id }}" state: absent final_snapshot_identifier: "{{ snapshot_id }}" - name: Add a new security group without purge amazon.aws.rds_instance: id: "{{ instance_id }}" state: present vpc_security_group_ids: - sg-0be17ba10c9286b0b purge_security_groups: false register: result # Add IAM role to db instance - name: Create IAM policy amazon.aws.iam_managed_policy: policy_name: "my-policy" policy: "{{ lookup('file','files/policy.json') }}" state: present register: iam_policy - name: Create IAM role community.aws.iam_role: assume_role_policy_document: "{{ lookup('file','files/assume_policy.json') }}" name: "my-role" state: present managed_policy: "{{ iam_policy.policy.arn }}" register: iam_role - name: Create DB instance with added IAM role amazon.aws.rds_instance: id: "my-instance-id" state: present engine: postgres engine_version: 14.2 username: "{{ username }}" password: "{{ password }}" db_instance_class: db.m6g.large allocated_storage: "{{ allocated_storage }}" iam_roles: - role_arn: "{{ iam_role.arn }}" feature_name: 's3Export' - name: Remove IAM role from DB instance amazon.aws.rds_instance: id: "my-instance-id" state: present purge_iam_roles: true # Modify the DB instance type without waiting for a maintenance window - name: Modify an RDS Instance amazon.aws.rds_instance: db_instance_identifier: mydbinstance123 instance_class: db.t2.small apply_immediately: true register: rds_instance # Restore DB instance from snapshot - name: Create a snapshot and wait until completion amazon.aws.rds_instance_snapshot: instance_id: 'my-instance-id' snapshot_id: 'my-new-snapshot' state: present wait: true register: snapshot - name: Restore DB from snapshot amazon.aws.rds_instance: id: 'my-restored-db' creation_source: snapshot snapshot_identifier: 'my-new-snapshot' engine: mariadb state: present register: restored_db a% allocated_storage: description: The allocated storage size in gigabytes. This is always 1 for aurora database engines. returned: always type: int sample: 20 associated_roles: description: The list of currently associated roles. returned: always type: list sample: [] auto_minor_version_upgrade: description: Whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. returned: always type: bool sample: true availability_zone: description: The availability zone for the DB instance. returned: always type: str sample: us-east-1f backup_retention_period: description: The number of days for which automated backups are retained. returned: always type: int sample: 1 ca_certificate_identifier: description: - The identifier of the CA certificate for the DB instance. returned: always type: str sample: rds-ca-2015 copy_tags_to_snapshot: description: Whether tags are copied from the DB instance to snapshots of the DB instance. returned: always type: bool sample: false db_instance_arn: description: The Amazon Resource Name (ARN) for the DB instance. returned: always type: str sample: arn:aws:rds:us-east-1:123456789012:db:ansible-test db_instance_class: description: The name of the compute and memory capacity class of the DB instance. returned: always type: str sample: db.m5.large db_instance_identifier: description: The identifier of the DB instance. returned: always type: str sample: ansible-test db_instance_port: description: The port that the DB instance listens on. returned: always type: int sample: 0 db_instance_status: description: The current state of this database. returned: always type: str sample: stopped db_parameter_groups: description: The list of DB parameter groups applied to this DB instance. returned: always type: complex contains: db_parameter_group_name: description: The name of the DP parameter group. returned: always type: str sample: default.mariadb10.0 parameter_apply_status: description: The status of parameter updates. returned: always type: str sample: in-sync db_security_groups: description: A list of DB security groups associated with this DB instance. returned: always type: list sample: [] db_subnet_group: description: The subnet group associated with the DB instance. returned: always type: complex contains: db_subnet_group_description: description: The description of the DB subnet group. returned: always type: str sample: default db_subnet_group_name: description: The name of the DB subnet group. returned: always type: str sample: default subnet_group_status: description: The status of the DB subnet group. returned: always type: str sample: Complete subnets: description: A list of Subnet elements. returned: always type: complex contains: subnet_availability_zone: description: The availability zone of the subnet. returned: always type: complex contains: name: description: The name of the Availability Zone. returned: always type: str sample: us-east-1c subnet_identifier: description: The ID of the subnet. returned: always type: str sample: subnet-12345678 subnet_status: description: The status of the subnet. returned: always type: str sample: Active vpc_id: description: The VpcId of the DB subnet group. returned: always type: str sample: vpc-12345678 dbi_resource_id: description: The AWS Region-unique, immutable identifier for the DB instance. returned: always type: str sample: db-UHV3QRNWX4KB6GALCIGRML6QFA deletion_protection: description: C(true) if the DB instance has deletion protection enabled, C(False) if not. returned: always type: bool sample: False version_added: 3.3.0 version_added_collection: community.aws domain_memberships: description: The Active Directory Domain membership records associated with the DB instance. returned: always type: list sample: [] endpoint: description: The connection endpoint. returned: always type: complex contains: address: description: The DNS address of the DB instance. returned: always type: str sample: ansible-test.cvlrtwiennww.us-east-1.rds.amazonaws.com hosted_zone_id: description: The ID that Amazon Route 53 assigns when you create a hosted zone. returned: always type: str sample: ZTR2ITUGPA61AM port: description: The port that the database engine is listening on. returned: always type: int sample: 3306 engine: description: The database engine version. returned: always type: str sample: mariadb engine_version: description: The database engine version. returned: always type: str sample: 10.0.35 iam_database_authentication_enabled: description: Whether mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. returned: always type: bool sample: false instance_create_time: description: The date and time the DB instance was created. returned: always type: str sample: '2018-07-04T16:48:35.332000+00:00' kms_key_id: description: The AWS KMS key identifier for the encrypted DB instance when storage_encrypted is true. returned: When storage_encrypted is true type: str sample: arn:aws:kms:us-east-1:123456789012:key/70c45553-ad2e-4a85-9f14-cfeb47555c33 latest_restorable_time: description: The latest time to which a database can be restored with point-in-time restore. returned: always type: str sample: '2018-07-04T16:50:50.642000+00:00' license_model: description: The License model information for this DB instance. returned: always type: str sample: general-public-license master_username: description: The master username for the DB instance. returned: always type: str sample: test max_allocated_storage: description: The upper limit to which Amazon RDS can automatically scale the storage of the DB instance. returned: When max allocated storage is present. type: int sample: 100 monitoring_interval: description: - The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. 0 means collecting Enhanced Monitoring metrics is disabled. returned: always type: int sample: 0 multi_az: description: Whether the DB instance is a Multi-AZ deployment. returned: always type: bool sample: false multi_tenant: description: Specifies whether to use the multi-tenant configuration or the single-tenant configuration (default). returned: for Oracle container database (CDB) engines and boto3_version == "1.28.80" type: bool version_added: 9.0.0 sample: false option_group_memberships: description: The list of option group memberships for this DB instance. returned: always type: complex contains: option_group_name: description: The name of the option group that the instance belongs to. returned: always type: str sample: default:mariadb-10-0 status: description: The status of the DB instance's option group membership. returned: always type: str sample: in-sync pending_modified_values: description: The changes to the DB instance that are pending. returned: always type: complex contains: {} performance_insights_enabled: description: true if Performance Insights is enabled for the DB instance, and otherwise false. returned: always type: bool sample: false preferred_backup_window: description: The daily time range during which automated backups are created if automated backups are enabled. returned: always type: str sample: 07:01-07:31 preferred_maintenance_window: description: The weekly time range (in UTC) during which system maintenance can occur. returned: always type: str sample: sun:09:31-sun:10:01 publicly_accessible: description: - C(True) for an Internet-facing instance with a publicly resolvable DNS name, C(False) to indicate an internal instance with a DNS name that resolves to a private IP address. returned: always type: bool sample: true read_replica_db_instance_identifiers: description: Identifiers of the Read Replicas associated with this DB instance. returned: always type: list sample: [] storage_encrypted: description: Whether the DB instance is encrypted. returned: always type: bool sample: false storage_type: description: The storage type to be associated with the DB instance. returned: always type: str sample: standard tags: description: A dictionary of tags associated with the DB instance. returned: always type: complex contains: {} vpc_security_groups: description: A list of VPC security group elements that the DB instance belongs to. returned: always type: complex contains: status: description: The status of the VPC security group. returned: always type: str sample: active vpc_security_group_id: description: The name of the VPC security group. returned: always type: str sample: sg-12345678 )sleep)Any)Dict)List)Optionalto_text)camel_dict_to_snake_dict) string_types)is_boto3_error_message)AnsibleAWSModule)AnsibleRDSError)arg_spec_to_rds_params) call_method)compare_iam_roles)describe_db_instances) ensure_tags)#format_rds_client_method_parameters)get_final_identifier) get_snapshot)update_iam_roles)ansible_dict_to_boto3_tag_list)boto3_tag_list_to_ansible_dict)aurora aurora-mysqlaurora-postgresqlmariadbmysql oracle-ee oracle-ee-cdb oracle-se2oracle-se2-cdbpostgres sqlserver-ee sqlserver-se sqlserver-ex sqlserver-web) rrr r!r"r#r$r%r&r'instancestatecreation_source read_replicareturncd}|dk(s|dk(r |r |ddvrd}|S|rd}|S|durd }|S|d k(rd }|S|d k(rd }|S|dk(rd}|Sd}|S)a0 Returns the target boto3 rds client method name given the provided module options and current instance state. Parameters: instance (dict): Current instance attributes as returned by get_instance() state (str): Desired instance state as provided to module options creation_source (str): Creation source to use for restoring an instance as provided to module options read_replica (bool): Whether to create (True) or promote (False) a read replica as provided to module options Returns: method_name (str): Name of boto3 rds client method needed to achieve desired state. Returns None if desired state is "absent" or "terminated" and current instance is None or the current instance status is "deleting" or "deleted" Nabsent terminatedDBInstanceStatus)deletingdeleteddelete_db_instancemodify_db_instanceTcreate_db_instance_read_replicasnapshot$restore_db_instance_from_db_snapshots3restore_db_instance_from_s3r($restore_db_instance_to_point_in_timecreate_db_instance)r(r)r*r+ method_names k/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/amazon/aws/plugins/modules/rds_instance.pyget_rds_method_attribute_namer?s K E\1 !34 zget_instance..s#- 4;WV_gg. /- PendingModifiedValuesc30K|]}|d|dfywrKr<rNs r>rQzget_instance..s%F 4;WV_gg. /F rR)rr fail_json_awsrpopgetdict)clientrArB instanceser(s r> get_instancer\s&IS)&~V Q< 5hll96MNHV||'((,- ?GH[?\- ) $%||+R0445HIAEF ?GH_?`at?uF B ()*=> O% SQ&@@P$QRRSs B"" C +CC  parametersr=c|dk(r|jd|d<t||||d}|jd5|djDcgc]\}}|t |dc}}|d<|jdgk(r|dk(s|j d|d vr"|jd rt |d |d <|dk(r t|||}|Scc}}w) a Returns a dict of parameters validated and formatted for the provided boto3 client method. Performs the following parameters checks and updates: - Formats provided parameters as expected by provided method - Converts the following dict parameters to lists of dicts as expected by the boto3 rds client: ProcessorFeatures, Tags - If method is "modify_db_instance", compares supplied parameters to current instance attributes, determines which parameters need to be modified, and removes any parameters that do not need to be modified Parameters: client: boto3 rds client module: AnsibleAWSModule parameters (dict): Parameter options from module argument_spec method_name: boto3 client method for which to validate parameters Returns: Dict of client parameters formatted for the provided method Raises: Fails the module if any parameters required by the provided method are not provided in module options r:db_instance_identifierTargetDBInstanceIdentifierF) format_tagsrI)rLrMr4)r;r5r7rH)paramsrrWitemsr rVr get_options_with_changing_values)rYrAr]r=kvs r>get_parametersrgs,<<39==AY3Z /04VVZQ\jopJ~~)*69CDW9X9^9^9`+ 15AQ ,+ &' ~~)*b0H\9\*+ww >>& !!? 6@R!SJv **5ffjQ !+ sCc|jd}|jd}|jd}|jd}|jdd}|jd}|jd} |jd } |jjd } | r| |d <|r||d <|s|jd d|||d<|jds|jddt|||} t || || } | j t || | }| dur#| jdr|jd| jddk(r| jdijd| d}| jdijd| d}|jjd}|jjd}||k7s||k7r ||d<||d<| jddk(r$d}| jdijd| d}|jjdxs|}||k7r||d<| jdijd| d}|jjdxs|}|jjd}| jdijd| d}|rN||k7r||d<|dk\r?|d kr|jd!|d"kr|r|jd#||k7r ||d<||d<| jd$}||jjd%k(s0|jd&d'|jjd%k(r|jd$d|jd(rB| jdijd)r!|d(| dd)k(r|s|jd(|r ||d)<|||d<|S)*a Compares current instance attributes to the provided parameters and module options and returns parameters with values to be modified. Parameters: client: boto3 rds client module: AnsibleAWSModule parameters (dict): Parameters for boto3 client modify_db_instance method Returns: parameters (dict): Updated parameters including only parameters that need to be modified, renamed and formatted as expected by boto3 client modify_db_instance method Raises: Fails the module if invalid changes are provided for iops or storage_throughput values r_purge_cloudwatch_logs_exportsforce_update_passwordportApplyImmediatelyNenable_cloudwatch_logs_exportspurge_security_groupsca_certificate_identifier multi_tenantCACertificateIdentifier DBPortNumberMasterUserPassword!CloudwatchLogsExportConfiguration storage_typeIopsF MultiTenantzdA DB which is configured to be a multi tenant cannot be modified to use single tenant configuration.rE StorageTypeio1rSAllocatedStorageiopsallocated_storagegp3TStorageThroughputstorage_throughputii.zYIOPS must be at least 12000 when the allocated storage is larger than or equal to 400 GB.izeStorage Throughput must be at least 500 when the allocated storage is larger than or equal to 400 GB.PerformanceInsightsKMSKeyIdperformance_insights_kms_key_id/NewDBInstanceIdentifierrD) rbrVrWr\+get_changing_options_with_inconsistent_keysupdate)get_changing_options_with_consistent_keys fail_jsonsplit)rYrAr] instance_idpurge_cloudwatch_logsrjrkapply_immediatelycloudwatch_logs_enabledrnrorpr(updated_parameters current_iopscurrent_allocated_storagenew_iopsnew_allocated_storageGP3_THROUGHPUTcurrent_storage_throughputnew_storage_throughput(instance_performance_insights_kms_key_ids r>rdrd)s` -- 89K"MM*IJ"MM*AB == D"'94@$mm,LM"MM*AB & .I J==$$^4L 0I ,- %) >" +T2*:Q 67 == (vt$FFK8HDH35JG T\]^#Ju << &   z   ||M"e+||$;R@DDVXV\M]^ $,LL1H"$M$Q$Q ); <% !==$$V, & 1 12E F 8 #'@DY'Y-BJ) *!)Jv ||M"e+%-\\2I2%N%R%R *=!>& ""(!2!23G!H!fLf !%? ?.DJ* +||$;R@DDVXV\M]^ ==$$V,<  & 1 12E F$,LL1H"$M$Q$Q ); <% ! !(,AA1F -.$+e#$$w%*C/N$$*% 8+)1Jv&5JJ12/7||U5VWm5n n% NN4 5-8 )*  (->J) * r@ci}|jdijdijdgr|ddd}|ddd}||d|d<n|jdggd|d<|jdijdr |dd|d <n |d d|d <|jdijd r |dd |d <n |d d |d <|jdijd r |dd |d <n|jd i|d <|dDcgc]}|d c}|d<|dDcgc]}|ddvs |dc}|d<|dDcgc]}|ddvs |dc}|d<|dDcgc]}|d c}|d<|d|d<|jdd|d<|d|d<d |d!<d |d"<|Scc}wcc}wcc}wcc}w)#a Returns current instance attributes whose formats differ from those expected by boto3 client modify_db_instance method, updated to match method options. Option formats for the boto3 client modify_db_instance method do not always match their corresponding attributes returned by describe_db_instances. To ensure that we are accurately comparing the two dicts for changes, this function: - Checks for pending modified values in these instance attributes and updates the corresponding current attributes to match the pending values - Converts these instance attribute names and value formats to those expected by the modify_db_instance method Parameters: instance (dict): Current instance attributes as returned by get_instance() Returns: options (dict): Current instance attributes updated to match the boto3 client modify_db_instance method option formatting. Only returns attributes whose format varies between the returned attributes and the method options (i.e., excludes any attributes whose formats already match what the boto3 client method expects) rSPendingCloudwatchLogsExportsLogTypesToEnableLogTypesToDisable)rrrtEnabledCloudwatchLogsExportsPortrrEndpointDBSubnetGroupName DBSubnetGrouprIOptionGroupMembershipsOptionGroupNameDBSecurityGroupsStatus)addingactiveDBSecurityGroupNameVpcSecurityGroupsVpcSecurityGroupIdVpcSecurityGroupIdsDBParameterGroupsDBParameterGroupName IAMDatabaseAuthenticationEnabledEnableIAMDatabaseAuthenticationPerformanceInsightsEnabledFEnablePerformanceInsightsrDrNAllowMajorVersionUpgradersrW)r(optionscurrent_enabledcurrent_disabledgsgparameter_groups r>-get_current_attributes_with_inconsistent_keysrs"!G||+R0445SUWX\\]oqst"#:;||+R0445HI'/0G'HI\']#$'/'@AT'U#$||+R0445HI'/0G'HI\']#$'/||4G'L#$AIIa@b!c1!$5"6!cG ,45G,H#&(BxL\pLp !#G ,44G+H&%'BxL\pLp  &G !"HPPcGd'4C./'G "#2::\1]G -.,4<<8TV[+\G '()12H)IG %&+/G &'$(G ! N)"d#&'s$% G> G G G ,G  G modify_paramsrrnc,i}t|}|jD]r\}}|j|d}|t|tr`t|tr;t |t |kr |dvr|r|||<n-t |t |krwt|t r||vr|dk7r||k(r|dk(r|t|ddk(r|dk(r |gk(rd|d<|dk(rzt |jd g}t |}ggd } t |j|| d <|rt |j|| d <| d s| d s5| ||<<|dvr.|r|||<It t |t |z||<n|||<u|S) a Compares current instance attributes with provided parameters whose formats are inconsistent between describe_db_instances and modify_db_instance methods. Parameters: modify_params (dict): Parameters to be supplied to boto3 client modify_db_instance method; should already be validated and formatted instance (dict): Current instance attributes as returned by get_instance() purge_cloudwatch_logs (bool): True if currently enabled cloudwatch logs exports should be removed from configuration when not in provided parameters, False if they should be retained purge_security_groups (bool): True if currently associated security groups should be removed from instance if not in provided parameters, False if they should be retained Returns: changing_params (dict): Parameters to be modified N)rrrIrLrMTUseDefaultProcessorFeaturesrtr)EnableLogTypesDisableLogTypesrr) rrcrV isinstancelistsetr rrW difference) rr(rrnchanging_paramscurrent_optionsoptioncurrent_optiondesired_option format_options r>rrs"')OCHMO"1"7"7"9:5&**648  !  nd +.$/'#n*=="MM-/=OF+(C,??NL9!^3 ( (^~-M  ( (^?] FG@ .   ( (^r-A=AO9 : : : !3!34F!KLN 0N@BWY-ZM.2>3L3L^3\.]M* +$378Q8QR`8a3b /0-.-@Q2R*7' B B$*8'*.s>/BSEX/X*Y'&4OF #u:5v r@ci}|D]I}|jdij|d}||j|d}|||k7sB||||<K|S)a Compares current instance attributes with provided parameters whose attribute and parameter formats match. Parameters: modify_params (dict): Parameters to be supplied to boto3 client modify_db_instance method; should already be validated and formatted instance (dict): Current instance attributes as returned by get_instance() Returns: changing_params (dict): Parameters to be modified rSNr)rr(rparamrs r>rrHsp')O:!&=rBFFudS  !%\\%6N  > 1%25%9OE " : r@NcP|jd}|jd}|jd}|jd}|jd}t|jdxs|jd}|jd} |jd } |jd } |jd } |rt|||} ni} |r|r| r|jd |d |r|s| r|jd |d|dvr|r|s||jd|6|j ds%|j ds|r|jd| dur|s| dvr|jd| d| dur|s| s|jd| |dvr|jd|dyyy)a Validates complex module option logic and fails the module with an error message if options are invalid. Parameters: client: boto3 rds client module: AnsibleAWSModule instance (dict): Current instance attributes as returned by get_instance() Raises: Fails the module if provided module options are incompatible with each other or with current instance attributes r)skip_final_snapshotfinal_db_snapshot_identifiernew_db_instance_identifierenginetde_credential_passwordtde_credential_arnr+r*source_db_instance_identifierrpzA new instance ID z# was provided but it already existsrEz; was provided but the instance to be renamed does not exist)r.r/Nz_skip_final_snapshot is false but all of the following are missing: final_db_snapshot_identifierroraclez2TDE is available for MySQL and Oracle DB instancesT)Nr(z"Cannot create a read replica from z#. You must use a source DB instancez|read_replica is true and the instance does not exist yet but all of the following are missing: source_db_instance_identifier)r"r zbMulti Tenant parameter only applies to RDS for Oracle container database (CDB) engines and not to .)rbboolr\r startswith)rYrAr(r)r snapshot_id modified_idr tde_optionsr+r*source_instancerpmodified_instances r>validate_optionsr`s MM' "E --(=>-- >?K-- <=K ]]8 $Fv}}%>?f6==QeCfgK==0Lmm$56Omm$CDO==0L(Ex$51+>abc8(9$[M1lm   ((X>QVaViq  6#4#4W#=ARARS[A\bmQRtHHZ1ZA/ARRuvwtH_1  F2U$Utu{t||}~  %Vr@rc d}|s t|||}|t|||d|d|jd|jdz}|t||||jdz}|t ||||jdz}|S)a Ensures that an existing instance's tags, read replica status, and state match what is supplied in module options. Parameters: client: boto3 rds client module: AnsibleAWSModule instance (dict): Current instance attributes as returned by get_instance() instance_id (str): Existing instance identifier, used to retrieve instance attributes if provided instance dict is empty Returns: changed (bool): True if instance was successfully updated, False if not F DBInstanceArnrHtags purge_tagsr+r))r\rrbpromote_replication_instanceupdate_instance_state)rYrAr(rchangeds r>update_instancersG  < {18F3CV]]SYEZ\b\i\ijv\wG +FFHfmmTbFcddG $VVXv}}W?UVVG Nr@cd}|dur4t|jdr t||dd|di\}}|S|S#td$rY|SwxYw)a Promotes the provided DB instance from a read replica to a standalone instance. Only promotes the instance if read_replica is False, which is confusing but is how the module is documented. Returns changed=False without any warning or error message if the provided instance is not a read replica. Parameters: client: boto3 rds client module: AnsibleAWSModule instance (dict): Current instance attributes as returned by get_instance() read_replica (bool): False if instance should be promoted Returns: changed (bool): True if provided instance was successfully promoted, False if not F StatusInfospromote_read_replicarD)r=r]z!DB Instance is not a read replica)rrWrr )rYrAr(r+r_results r>rrsy$Gu  ]+ , #. 6 6AW8XY $  N7N**MN  N s=AActt|||ddg}|jd}|tvr|j d|dtd}|j jd }|j jd r|j jd ng}|jd g}t |||\} } t| xs| r3d }|jr|jdd |i||St|||| | |S)aa Ensure specified IAM roles are associated with DB instance. Parameters: client: boto3 rds client module: AnsibleAWSModule instance_id (str): Existing DB instance identifier Returns: changed (bool): True if changes were successfully made to DB instance's IAM roles; False if not rHrI ignore_listrz DB engine z6 is not valid for adding IAM roles. Valid engines are rEFpurge_iam_roles iam_rolesassociated_rolesTrr<) r r\rWvalid_engines_iam_rolesrrbrr check_mode exit_jsonr) rYrArr(rrr target_rolesexisting_roles roles_to_addroles_to_removes r>ensure_iam_rolesrs(VV[1H[?\H \\( #F ,,VH$Z[rZst  Gmm''(9:O5;]]5F5F{5S6==$$[1Y[L\\"4b9N$5nlTc$d!L/ L +O,    F   9W 9 9 N VV[, X Nr@c\d}|dvr|t|||z}|dvr|t||||z}|S)a Starts, stops, or reboots an instance given the desired state and current instance attributes. Parameters: client: boto3 rds client module: AnsibleAWSModule instance (dict): Current instance attributes as returned by get_instance() state (str): Desired instance state as provided to module options Returns: changed (bool): True if DB instance state was updated, False if not F)rebooted restarted)startedrunningstopped)reboot_running_db_instancestart_or_stop_instance)rYrAr(r)rs r>rrsJG ))-ffhGG 11)&&(EJJ Nr@cd|di}|ddvrt||d||jjd|jd|d<t||d|\}}|S)a Reboots provided instance. If the instance is currently stopped or stopping, restarts it first. Parameters: client: boto3 rds client module: AnsibleAWSModule instance (dict): Current instance attributes as returned by get_instance() Returns: changed (bool): True if instance was successfully rebooted, False otherwise. rDr0)rstoppingstart_db_instanceforce_failover ForceFailoverreboot_db_instance)rrbrW)rYrAr(r]_resultsrs r>rrsw)(3I*JKJ"#'>>FF$7D }})*6&,mm4D&E ?##FF4H*UHg Nr@cd}d|di}|dk(r;|ddvr4|jdr|jd|d<t||d|\}}|S|d k(r|dd vrt||d |\}}|S) a Starts or stops provided instance given desired state. Checks whether the instance is already in or pending the desired state, if so does not alter it. Parameters: client: boto3 rds client module: AnsibleAWSModule instance (dict): Current instance attributes as returned by get_instance() state (str): Desired instance state as provided to module options Returns: changed (bool): True if instance was started or stopped, False if not FrDrr0)rrdb_snapshot_identifierDBSnapshotIdentifierstop_db_instancer) availablestarting restartingr)rbr)rYrAr(r)rr]rs r>rr+sG((3I*JKJ h'9:BYY ==1 217?W1XJ- .&vv7I:V N ) ); (d?td d@tdAtdBtdCgd DdEtdFgdGtd dHtd dItdJtd dKtd dLtdMdNgdOtdPtdQtd dRtd dStdTgdUtdVgdWtd> dXtd dYtd dZtd[td\td]td^tdd d_td`tdagdbtdctddtd detgdfdgtd dhtd>dig,djtdkgdltd dmgndotdptddqg,drtd'd(|jgds}d7dtdggd7dudggd7dvdggdedwd?d ggdxdyd)d7ggdxdz|gg}gd{dpdZgddJgg}t|||d |jd j jd <jdLr*jdLj jdL<jdW:td}jdWj DjdW<jdUr*jdUj jdU<jjdrjrjd~jd}d}jd}jd }t||}t||t||jdxjd} | rjr%| dvr!jddd it|ddgt!tfdjD} t#|| | } | r>jr!jddd it|ddgt%|| | \} }t'| }|dk7rejr|r|t)|||z}jjd=sjjdr|t+||z}|rMt||}|dk7r;|s js-t-ddD]} t||}|rn t/d |dk(r?|r=jd^s.jd:} |jt1||ddd}|jdijdr|dj7d}t|ddg}|||ddW<jdd|i|y#t2$r }j5|d|Yd}~d}~wwxYw)N)presentr.r/rrrrrr )choicesdefault)r6r8r()rrF)typerno_logT)rr)r) r)r*rjrirrr+waitrnr|intallow_major_version_upgraderauto_minor_version_upgradeavailability_zoneazzone)aliasesbackup_retention_periodrostrcharacter_set_namecopy_tags_to_snapshotdb_cluster_identifier cluster_iddb_instance_classclass instance_typer_rid)requiredrdb_namedb_parameter_group_namedb_security_groupsr)relementsrsnapshot_identifierr)rrdb_subnet_group_name subnet_groupdeletion_protectiondomaindomain_iam_role_namermcloudwatch_log_exports)rrr("enable_iam_database_authenticationenable_performance_insightsr)rrengine_versionrfinal_snapshot_identifierrrrXr{ kms_key_id license_modelmaster_user_passwordpassword)rrmaster_usernameusernamemax_allocated_storagemonitoring_intervalmonitoring_role_arnmulti_azrprnew_instance_idnew_idoption_group_namer%performance_insights_retention_periodrkpreferred_backup_window backup_windowpreferred_maintenance_windowmaintenance_windowprocessor_featurespromotion_tierpublicly_accessible restore_times3_bucket_names3_ingestion_role_arn s3_prefixrr source_enginersource_engine_version source_regionstorage_encryptedru)standardgp2r}ryrr resource_tagsrtransparent_data_encryption_arnr$transparent_data_encryption_password)rrtimezoneuse_latest_restorable_timerestore_from_latestvpc_security_group_ids)rJrr8r6rMrNrKrrzaurora-postresqlryr*r6r8)rJrr) argument_spec required_ifmutually_exclusivesupports_check_modec3<K|]\}}|t|fywNr)rOrerfs r>rQzmain..s!3 $1Q O3 sz~allow_major_version_upgrade is not returned when describing db instances, so changed will always be `True` on check mode runs.rdsr)r+)r;r3rrHrIrc3JK|]}|vs|j|fywr_)rb)rOrerAparameter_optionss r>rQzmain..s'X1FWAW!V]]1%&Xs ##r.rr r() FinalSnapshotzFailed to get snapshot: rErSpending_modified_valuesr<)rX valid_enginesrr rblowerrcrWrwarnrYr\rr?rr rrgrrrrrangerrrrUrV)arg_specrequired_if_s3_creation_sourcer[r\rYrr)rr(r=raw_parametersparameters_to_modifyr _wait_attemptrr[pending_processor_featuresrArbs @@r>mainrqEs q %CD"eL&*&E&%8VT2v& vt ,"= HCE*C$(f$5CFE:C$(V#4 C f~6 C !%% 0 C#'E"2C 6C#/C#L>:C'ABC $TM4;PQCC!%C Ve<C $9NP]8^_!C"">*:;#C$!f-%C&v'C("V)C*(,BZA[fk'l+C,,0V+<-C.%)f$5/C0 61C2v3C4&*3N2O%P5C6(7C8FV49C:u ;C<6=C>f?C@":,tDACBj\2CCD#.ECF!e,GCH!FICJ6"KCLv&MCN$(1BH0M#NOCP&QCR)-SCT/3.>UCVu WCX!%o-> ?YCZ&*3G2H%I[C\ V,]C^'_C`!f-aCbVcCdveCf#fgCh&iCj!feS=T#UCCD $%@ECH OO%&&" 8567 >$;#<= %(?'@A )< => J)A8(LM D"@A K V %~6 j) - F/5mm Fd8e8k8k8m 45 }}67F[\H!-D^*+,@AF1W11# V$$Q.F{m,T$UU Vs_ `&``__main__)6 DOCUMENTATIONEXAMPLESRETURNtimertypingrrrransible.module_utils._textr 0ansible.module_utils.common.dict_transformationsr ansible.module_utils.sixr rs%J Xh Tu n .U1_XSZOUYOgXPTff " !!!14!DLTN! c]!H(!1(3(4PSUXPX>(V+#3+c3h+^a+fjknpsksft+\B5EBSWX[]`X`SaBfjknpsksftBJFDcNFtTWY\T\~FRNS>N-1#s(^NTXNquN #s(^NbS>-1#s(^ #s(^06 %56 c3h6 TX6 r$4S#X]`ei: $ 04S#X NR   F#%5#C#D#L*:d3PS8n]`ei*/?4PSUXPX>^b.+;tCQTH~^afj4N2b zFr@